Posts: 10

Topic: Firefox ssl_error_rx_record_too_long

Hello i install iredmail of my local server.Iam very happy with your solution, its easy fast and easy to handle!So i have a problem, when i try to go of postfixadmin https://mywebsite.local/postfixadminthan comes the warning message from firefox: (Fehlercode: ssl_error_rx_record_too_long)How can i fix this?thanks for helping me chun223

Re: Firefox ssl_error_rx_record_too_long

Do you have a ClarkConnect or ClearOS as a firewall before your mail server?

@maxie_ro. Do you mean iRedMail works on ClarkConnect & ClearOS without modification?

No, it doesn't. But you can put a separate machine with ClearOS/ClarkConnect as a firewall. Unfortunately it corrupts SSL sessions. I had this case a few days ago, this is why I asked.

@chun23: I'm not sure why this happens, but each time I saw this happen it was because of a broken firewall that modifies SSL sessions. Can you try disabling the firewall on your server if there is any? Also, can you try connecting directly to your mail server using a switch and see if the problem persists?You can try also Google, I saw some errors caused by Apache modules etc.

Re: Firefox ssl_error_rx_record_too_long

When i try to go of my site https://mywebsite.local with opera stand there:The server use the ssl2 protocoll what not safe enough is. The owner from the server must change to TLS1.0 or higher.So what i must change ?please help methx

Re: Firefox ssl_error_rx_record_too_long

Re: Firefox ssl_error_rx_record_too_long

chun23 wrote:

Nobody can help?

I had a similar problem several months ago and found that the issue was not with iRedmail but with the DSL Modem/Router (Actiontec PK5000) that I was provided by my ISP. For 5 months everything worked just fine then all of the sudden I started getting this same error.

What I figured out after running many tests and many different configurations was that my DSL Modem/Router was not forwarding port 443 to the appropriate server. That is when I was on my internal Network(just a switch between me and the Mail Server) everything worked just fine but as soon as anyone including myself tried to access Our Mail Server from the outside world we would get the same ssl error that you were getting.

How I fixed the problem:1) I verified that the DSL Modem was routing port 443 to my Mail Server (in my case the port forwarding rules that i had originally set were no longer working)2) After figuring out that my original rules were no longer being applied I reset the rules -- this did not fix the problem3) I verified that Apache was set up to support SSL (on an Ubuntu based systems I used the following commands:

a2ensite "your site name"a2enmod ssl

4) After verifying that SSL Support was running on the Mail server I then Double Checked my DSL Modem/Router Configuration for port 4435) I Formatted and re-installed the OS on my Mail Server 3 times with no success6) I uninstalled and re-installed iRedmail 6 times with no success7) I replaced the DSL Modem(Actiontec PK5000) that was provided by my ISP (replaced with D-Link DSL 2540b) and this fixed everything.

I think what is happening is a couple of things. For me I have DNS Servers set up on my Local Network, so when the PK5000 lost its mind and start sending Everything on port 443 to my Web Server and not my Mail Server, my Web Server would read the TCP/IP Header of the packet and realize that the traffic for my Mail Server on port 443. It would then query my DNS server and route the traffic to my Mail Server which would then try to respond but because of this Miss routed packet ALL Web Browsers would think something was wrong and kick out the SSL error. I spent many Hours (well over 100hrs) trying to figure this issue out.